<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第47期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第47期）</strong></h5>
<blockquote> 2015/01/19-2015/01/25</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[视频]&nbsp;&nbsp;</span>白帽黑客吐嘈《骇客交锋》：一部极烂的黑客电影<br><a target="_blank" href="http://www.aqniu.com/news/6399.html">http://www.aqniu.com/news/6399.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Exploit Kits: A Fast Growing Threat<br><a target="_blank" href="https://blog.malwarebytes.org/exploits-2/2015/01/exploit-kits-a-fast-growing-threat/">https://blog.malwarebytes.org/exploits-2/2015/01/exploit-kits-a-fast-growing-threat/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>热门游戏《英雄联盟》和《流放之路》官方版本中被植入木马后门<br><a target="_blank" href="http://www.freebuf.com/news/57062.html">http://www.freebuf.com/news/57062.html</a></div><div class="single"><span id="tags">[论文]&nbsp;&nbsp;</span>国际学术期刊的四大巨头<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzA3ODU1NjUyNw==&amp;mid=203877137&amp;idx=1&amp;sn=298714542e7011ffe9fcc551f51d3169&amp;scene=1">http://mp.weixin.qq.com/s?__biz=MzA3ODU1NjUyNw==&amp;mid=203877137&amp;idx=1&amp;sn=298714542e7011ffe9fcc551f51d3169&amp;scene=1</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Thousands of U.S. gas stations exposed to Internet attacks<br><a target="_blank" href="http://www.networkworld.com/article/2874753/thousands-of-us-gas-stations-exposed-to-internet-attacks.html#tk.rss_all">http://www.networkworld.com/article/2874753/thousands-of-us-gas-stations-exposed-to-internet-attacks.html#tk.rss_all</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>关于安全威胁情报的问卷调研结果分享<br><a target="_blank" href="http://www.sec-un.org/results-of-questionnaire-survey-on-security-threat-intelligence-sharing.html">http://www.sec-un.org/results-of-questionnaire-survey-on-security-threat-intelligence-sharing.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Weakest, common passwords of 2014 revealed<br><a target="_blank" href="http://www.welivesecurity.com/2015/01/21/weakest-common-passwords-2014-revealed/">http://www.welivesecurity.com/2015/01/21/weakest-common-passwords-2014-revealed/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>我关于手机安全的部分观点<br><a target="_blank" href="http://www.weibo.com/p/1001603796524613155744">http://www.weibo.com/p/1001603796524613155744</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Unpatched Vulnerability (0day) in Flash Player is being exploited <br><a target="_blank" href="http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html">http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>1800 Minecraft logins leak online<br><a target="_blank" href="http://www.welivesecurity.com/2015/01/20/1800-minecraft-logins-leak-online/">http://www.welivesecurity.com/2015/01/20/1800-minecraft-logins-leak-online/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Chinese MITM attack on outlook.com<br><a target="_blank" href="http://www.netresec.com/?page=Blog&amp;month=2015-01&amp;post=Chinese-MITM-attack-on-outlook-com">http://www.netresec.com/?page=Blog&amp;month=2015-01&amp;post=Chinese-MITM-attack-on-outlook-com</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>第二代防火墙标准发布会即将在京召开<br><a target="_blank" href="http://www.nsfocus.com.cn/news/201501/902.html">http://www.nsfocus.com.cn/news/201501/902.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>The Digital Arms Race: NSA Preps America for Future Battle<br><a target="_blank" href="http://www.spiegel.de/international/world/new-snowden-docs-indicate-scope-of-nsa-preparations-for-cyber-battle-a-1013409.html">http://www.spiegel.de/international/world/new-snowden-docs-indicate-scope-of-nsa-preparations-for-cyber-battle-a-1013409.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>雷峰沙龙ASRC上海白帽子交流会总结<br><a target="_blank" href="http://www.weibo.com/p/1001603801026883881684">http://www.weibo.com/p/1001603801026883881684</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>英美两国扩大网络空间安全合作协议<br><a target="_blank" href="http://www.aqniu.com/news/6383.html">http://www.aqniu.com/news/6383.html</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Github敏感信息收集工具Gitrob介绍<br><a target="_blank" href="http://www.91ri.org/11928.html">http://www.91ri.org/11928.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Google account hijacking via exploitation of XSS flaw | Security Affairs<br><a target="_blank" href="http://securityaffairs.co/wordpress/32615/hacking/google-account-hijacking-via-xss.html">http://securityaffairs.co/wordpress/32615/hacking/google-account-hijacking-via-xss.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>ubuntu渗透测试工具<br><a target="_blank" href="https://github.com/madmantm/ubuntu-pentest-tools/blob/master/ubuntu-pentest-tools.sh">https://github.com/madmantm/ubuntu-pentest-tools/blob/master/ubuntu-pentest-tools.sh</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>通付盾开源第一代安全加固方案（dex文件整体加密）<br><a target="_blank" href="https://github.com/SharkTeam">https://github.com/SharkTeam</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>首次现身中国的CTB-Locker“比特币敲诈者”病毒分析<br><a target="_blank" href="http://www.freebuf.com/vuls/57033.html">http://www.freebuf.com/vuls/57033.html</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>Our Favorite Presentations from ShmooCon 2015<br><a target="_blank" href="http://researchcenter.paloaltonetworks.com/2015/01/favorite-presentations-shmoocon-2015/">http://researchcenter.paloaltonetworks.com/2015/01/favorite-presentations-shmoocon-2015/</a></div><div class="single"><span id="tags">[视频]&nbsp;&nbsp;</span>BSides Columbus 2015 Videos<br><a target="_blank" href="http://www.irongeek.com/i.php?page=videos/bsidescolumbus2015/mainlist">http://www.irongeek.com/i.php?page=videos/bsidescolumbus2015/mainlist</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>Pocket Hacking: NetHunter实战指南<br><a target="_blank" href="http://drops.wooyun.org/tips/4634">http://drops.wooyun.org/tips/4634</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>一条命令实现无文件兼容性强的反弹后门<br><a target="_blank" href="http://zone.wooyun.org/content/18244">http://zone.wooyun.org/content/18244</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>廉价Arduino山寨板制作teensy<br><a target="_blank" href="http://lcx.cc/?i=4482">http://lcx.cc/?i=4482</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Rsync path spoofing attack vulnerability (CVE-2014-9512)<br><a target="_blank" href="http://xteam.baidu.com/?p=169">http://xteam.baidu.com/?p=169</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>使用 GitHub / GitLab 的 Webhooks 进行网站自动化部署<br><a target="_blank" href="http://www.lovelucy.info/auto-deploy-website-by-webhooks-of-github-and-gitlab.html">http://www.lovelucy.info/auto-deploy-website-by-webhooks-of-github-and-gitlab.html</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>GSM HACK的另一种方法:RTL-SDR<br><a target="_blank" href="http://drops.wooyun.org/papers/4716">http://drops.wooyun.org/papers/4716</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>新型渗透测试系统-Parrot Security OS-☜-ACHE-²º¹³<br><a target="_blank" href="http://r1-r1.com/post/402411_5745698">http://r1-r1.com/post/402411_5745698</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>深入解读MS14-068漏洞：微软精心策划的后门？<br><a target="_blank" href="http://www.freebuf.com/vuls/56081.html">http://www.freebuf.com/vuls/56081.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>python和django的目录遍历漏洞(任意文件读取)<br><a target="_blank" href="http://www.lijiejie.com/python-django-directory-traversal/">http://www.lijiejie.com/python-django-directory-traversal/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>高手对决 -- 博客服务器被黑的故事<br><a target="_blank" href="http://yafeilee.me/blogs/54be6e876c69341430050000">http://yafeilee.me/blogs/54be6e876c69341430050000</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>深入理解Yii2.0<br><a target="_blank" href="http://www.digpage.com/index.html">http://www.digpage.com/index.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Nullcon HackIM 2015: Forensics 500 writeup<br><a target="_blank" href="https://zairon.wordpress.com/2015/01/19/nullcon-hackim-2015-forensics-500-writeup/">https://zairon.wordpress.com/2015/01/19/nullcon-hackim-2015-forensics-500-writeup/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>关于webshell验证存活工具编写及思考<br><a target="_blank" href="https://sobug.com/article/detail/5">https://sobug.com/article/detail/5</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>美团推荐算法实践<br><a target="_blank" href="http://tech.meituan.com/mt-recommend-practice.html">http://tech.meituan.com/mt-recommend-practice.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Which Programming Language Should I Learn First?<br><a target="_blank" href="http://carlcheo.com/startcoding?utm_content=buffer86253&amp;utm_medium=social&amp;utm_source=twitter.com&amp;utm_campaign=buffer">http://carlcheo.com/startcoding?utm_content=buffer86253&amp;utm_medium=social&amp;utm_source=twitter.com&amp;utm_campaign=buffer</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Exploiting NVMAP to escape the Chrome sandbox - CVE-2014-5332<br><a target="_blank" href="http://googleprojectzero.blogspot.it/2015/01/exploiting-nvmap-to-escape-chrome.html">http://googleprojectzero.blogspot.it/2015/01/exploiting-nvmap-to-escape-chrome.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>ProcDOT:a new way of visual malware analysis<br><a target="_blank" href="http://www.procdot.com/">http://www.procdot.com/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Metasploit渗透技巧：后渗透Meterpreter代理<br><a target="_blank" href="http://www.freebuf.com/tools/56432.html">http://www.freebuf.com/tools/56432.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Ghost In The Shellcode 2015 CTF Write-up<br><a target="_blank" href="http://labs.jumpsec.com/2015/01/19/ghost-shellcode-2015-ctf-write-cloudfs-challenge/">http://labs.jumpsec.com/2015/01/19/ghost-shellcode-2015-ctf-write-cloudfs-challenge/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>如何发现 NTP 放大攻击漏洞<br><a target="_blank" href="http://drops.wooyun.org/tips/4715">http://drops.wooyun.org/tips/4715</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Mathy Vanhoef: Reversing and Exploiting ARM Binaries: rwthCTF Trafman<br><a target="_blank" href="http://www.mathyvanhoef.com/2013/12/reversing-and-exploiting-arm-binaries.html">http://www.mathyvanhoef.com/2013/12/reversing-and-exploiting-arm-binaries.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>加油站实时监测设备的一次全球统计报告<br><a target="_blank" href="http://plcscan.org/blog/2015/01/tank-gauges-vulnerability-global-census-report/">http://plcscan.org/blog/2015/01/tank-gauges-vulnerability-global-census-report/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>PEDA - Python Exploit Development Assistance for GDB<br><a target="_blank" href="https://github.com/longld/peda">https://github.com/longld/peda</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Windows 存储设备栈分析<br><a target="_blank" href="http://blog.jowto.com/?p=97">http://blog.jowto.com/?p=97</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>聊天机器人与自动问答技术<br><a target="_blank" href="http://blog.csdn.net/heiyeshuwu/article/details/42965693">http://blog.csdn.net/heiyeshuwu/article/details/42965693</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>PEP 8 - Style Guide for Python Code<br><a target="_blank" href="https://www.python.org/dev/peps/pep-0008/">https://www.python.org/dev/peps/pep-0008/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK<br><a target="_blank" href="http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html">http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>淘宝内部分享：MySQL &amp; MariaDB性能优化<br><a target="_blank" href="http://www.tuicool.com/articles/Uz2aqeM">http://www.tuicool.com/articles/Uz2aqeM</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Analysis and Detection of Heap-based Malwares Using Introspection in a Virtualiz<br><a target="_blank" href="http://scholarworks.uno.edu/cgi/viewcontent.cgi?article=2947&amp;context=td">http://scholarworks.uno.edu/cgi/viewcontent.cgi?article=2947&amp;context=td</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>11 open source security tools catching fire on GitHub<br><a target="_blank" href="http://www.infoworld.com/article/2606779/security/163151-11-open-source-security-tools-catching-fire-on-GitHub.html">http://www.infoworld.com/article/2606779/security/163151-11-open-source-security-tools-catching-fire-on-GitHub.html</a></div><div class="single"><span id="tags">[书籍]&nbsp;&nbsp;</span>Machine Learning for Hackers<br><a target="_blank" href="https://github.com/wuhujun/git/raw/master/R/Machine%20Learning%20for%20Hackers.pdf">https://github.com/wuhujun/git/raw/master/R/Machine%20Learning%20for%20Hackers.pdf</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Phishing for Credentials<br><a target="_blank" href="https://enigma0x3.wordpress.com/2015/01/21/phishing-for-credentials-if-you-want-it-just-ask/">https://enigma0x3.wordpress.com/2015/01/21/phishing-for-credentials-if-you-want-it-just-ask/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>dubbo中文参考文档<br><a target="_blank" href="http://alibaba.github.io/dubbo-doc-static/User+Guide-zh.htm">http://alibaba.github.io/dubbo-doc-static/User+Guide-zh.htm</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SQL Injections in MySQL LIMIT clause <br><a target="_blank" href="https://rateip.com/blog/sql-injections-in-mysql-limit-clause/">https://rateip.com/blog/sql-injections-in-mysql-limit-clause/</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>CapTipper - Malicious HTTP traffic explorer tool<br><a target="_blank" href="http://www.omriher.com/2015/01/captipper-malicious-http-traffic.html">http://www.omriher.com/2015/01/captipper-malicious-http-traffic.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Examine Shellcode in a Debugger through Control of the Instructio <br><a target="_blank" href="http://digital-forensics.sans.org/blog/2014/12/30/taking-control-of-the-instruction-pointer#.VLAphMvYpfU.twitter">http://digital-forensics.sans.org/blog/2014/12/30/taking-control-of-the-instruction-pointer#.VLAphMvYpfU.twitter</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Using Assembly Language in Linux--(1)<br><a target="_blank" href="http://blog.chinaunix.net/uid-25909722-id-2881267.html">http://blog.chinaunix.net/uid-25909722-id-2881267.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Malware analysis with ... Gephi? <br><a target="_blank" href="http://www.405labs.com/blog/2015/1/21/malware-analysis-with-gephi">http://www.405labs.com/blog/2015/1/21/malware-analysis-with-gephi</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>libpcap 编程入门资源<br><a target="_blank" href="http://blog.csdn.net/cnbird2008/article/details/42883969">http://blog.csdn.net/cnbird2008/article/details/42883969</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>ghost-in-the-shellcode-2015 write-ups<br><a target="_blank" href="https://github.com/ctfs/write-ups-2015/tree/master/ghost-in-the-shellcode-2015">https://github.com/ctfs/write-ups-2015/tree/master/ghost-in-the-shellcode-2015</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Shellcode in linux, Create your shellcode from asm<br><a target="_blank" href="https://www.youtube.com/watch?v=mvatIExT-IA">https://www.youtube.com/watch?v=mvatIExT-IA</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span> Looking back at three months of afl-fuzz<br><a target="_blank" href="http://lcamtuf.blogspot.com/2015/01/looking-back-at-three-months-of-afl-fuzz.html">http://lcamtuf.blogspot.com/2015/01/looking-back-at-three-months-of-afl-fuzz.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Hack tools<br><a target="_blank" href="http://hack-tools.blackploit.com/search/label/Python">http://hack-tools.blackploit.com/search/label/Python</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>AVM FRITZ!Box: Firmware Signature Bypass <br><a target="_blank" href="https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-010/-avm-fritz-box-firmware-signature-bypass">https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-010/-avm-fritz-box-firmware-signature-bypass</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Exploiting Un-validated HTML Form Elements<br><a target="_blank" href="https://www.youtube.com/watch?v=CNRlg8BiJOw">https://www.youtube.com/watch?v=CNRlg8BiJOw</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>Linux下基于内存分析的Rootkit检测方法<br><a target="_blank" href="http://drops.wooyun.org/tips/4731">http://drops.wooyun.org/tips/4731</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>PDF deconstruído al aroma de shellcode ( I )<br><a target="_blank" href="http://www.securityartwork.es/2014/09/30/pdf-deconstruido-al-aroma-de-shellcode-i/">http://www.securityartwork.es/2014/09/30/pdf-deconstruido-al-aroma-de-shellcode-i/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>用MeCab打造一套实用的中文分词系统<br><a target="_blank" href="http://www.52nlp.cn/%e7%94%a8mecab%e6%89%93%e9%80%a0%e4%b8%80%e5%a5%97%e5%ae%9e%e7%94%a8%e7%9a%84%e4%b8%ad%e6%96%87%e5%88%86%e8%af%8d%e7%b3%bb%e7%bb%9f">http://www.52nlp.cn/%e7%94%a8mecab%e6%89%93%e9%80%a0%e4%b8%80%e5%a5%97%e5%ae%9e%e7%94%a8%e7%9a%84%e4%b8%ad%e6%96%87%e5%88%86%e8%af%8d%e7%b3%bb%e7%bb%9f</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>PDF deconstruído al aroma de shellcode (III)<br><a target="_blank" href="http://www.securityartwork.es/2014/10/21/pdf-deconstruido-al-aroma-de-shellcode-iii/">http://www.securityartwork.es/2014/10/21/pdf-deconstruido-al-aroma-de-shellcode-iii/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Using Kernel Rootkits to Conceal Infected MBR | MalwareTech<br><a target="_blank" href="http://www.malwaretech.com/2015/01/using-kernel-rootkits-to-conceal.html">http://www.malwaretech.com/2015/01/using-kernel-rootkits-to-conceal.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>对抗机器人：打造前后端结合的WAF（应用层防火墙）<br><a target="_blank" href="http://www.freebuf.com/articles/web/57172.html">http://www.freebuf.com/articles/web/57172.html</a></div><div class="single"><span id="tags">[杂志]&nbsp;&nbsp;</span>乌云月爆第九期<br><a target="_blank" href="http://pan.baidu.com/s/1ntwXTTR">http://pan.baidu.com/s/1ntwXTTR</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Shellcode on linux, Crea tu shellcode apartir de asm 2 <br><a target="_blank" href="https://www.youtube.com/watch?v=k3ZSeYq0txE">https://www.youtube.com/watch?v=k3ZSeYq0txE</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Awesome Penetration Testing<br><a target="_blank" href="https://github.com/enaqx/awesome-pentest#online-resources">https://github.com/enaqx/awesome-pentest#online-resources</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>A toolkit to help you write shellcode<br><a target="_blank" href="https://media.blackhat.com/us-13/Arsenal/us-13-Fratantonio-ShellNoob-Slides.pdf">https://media.blackhat.com/us-13/Arsenal/us-13-Fratantonio-ShellNoob-Slides.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>XRay:Transparency for the Web<br><a target="_blank" href="http://xray.cs.columbia.edu/">http://xray.cs.columbia.edu/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Backdoor in a Public RSA Key<br><a target="_blank" href="http://kukuruku.co/hub/infosec/backdoor-in-a-public-rsa-key">http://kukuruku.co/hub/infosec/backdoor-in-a-public-rsa-key</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>苹果手机产品安全设计相关文章<br><a target="_blank" href="http://www.patentlyapple.com/patently-apple/patents-security/">http://www.patentlyapple.com/patently-apple/patents-security/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>使用调试器对安卓APP进行安全测试<br><a target="_blank" href="http://www.freebuf.com/articles/terminal/57027.html">http://www.freebuf.com/articles/terminal/57027.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>安全漏洞本质扯谈之安全漏洞“串串烧”2<br><a target="_blank" href="http://www.weibo.com/p/1001643801038518942277">http://www.weibo.com/p/1001643801038518942277</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>国外程序员整理的系统管理员资源大全<br><a target="_blank" href="http://blog.jobbole.com/83212/">http://blog.jobbole.com/83212/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Zarp - Local Network Attack Framework http://<br><a target="_blank" href="http://hack-tools.blackploit.com/2014/10/zarp-local-network-attack-framework.html?utm_source=dlvr.it&amp;utm_medium=twitter">http://hack-tools.blackploit.com/2014/10/zarp-local-network-attack-framework.html?utm_source=dlvr.it&amp;utm_medium=twitter</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Using Assembly Language in Linux<br><a target="_blank" href="http://asm.sourceforge.net/articles/linasm.html">http://asm.sourceforge.net/articles/linasm.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Powershell and Windows RAW SOCKET<br><a target="_blank" href="http://drops.wooyun.org/tips/4707">http://drops.wooyun.org/tips/4707</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Chinese Spies Stole Australia’s New F-35 Lightning-II fighter Jet Design<br><a target="_blank" href="http://thehackernews.com/2015/01/F-35-Lightning-II-fighter-Jet-Design.html">http://thehackernews.com/2015/01/F-35-Lightning-II-fighter-Jet-Design.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Scan office documents with OfficeMalScanner<br><a target="_blank" href="http://www.securityartwork.es/2015/01/12/destripando-documentos-ofimaticos-con-officemalscanner/">http://www.securityartwork.es/2015/01/12/destripando-documentos-ofimaticos-con-officemalscanner/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Linux Assembly<br><a target="_blank" href="http://asm.sourceforge.net/">http://asm.sourceforge.net/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Python Tips and Traps<br><a target="_blank" href="https://www.airpair.com/python/posts/python-tips-and-traps">https://www.airpair.com/python/posts/python-tips-and-traps</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>PDF deconstruído al aroma de shellcode ( II )-<br><a target="_blank" href="http://www.securityartwork.es/2014/10/08/pdf-deconstruido-al-aroma-de-shellcode-ii/">http://www.securityartwork.es/2014/10/08/pdf-deconstruido-al-aroma-de-shellcode-ii/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Mac osx_infector<br><a target="_blank" href="https://gist.github.com/secretsquirrel/2ba497786027472f98dd">https://gist.github.com/secretsquirrel/2ba497786027472f98dd</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Using Assembly Language in Linux--(2)<br><a target="_blank" href="http://blog.chinaunix.net/uid-25909722-id-2890374.html">http://blog.chinaunix.net/uid-25909722-id-2890374.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>SSHGuard:Defend from brute force attacks<br><a target="_blank" href="http://www.sshguard.net/">http://www.sshguard.net/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Glorious Leader&#039;s Not-That-Glorious Malwares<br><a target="_blank" href="https://www.codeandsec.com/Glorious-Leaders-Not-That-Glorious-Malwares-Part-2">https://www.codeandsec.com/Glorious-Leaders-Not-That-Glorious-Malwares-Part-2</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Dynamic Malware Analysis with REMnux v5 – Part 1<br><a target="_blank" href="http://countuponsecurity.com/2015/01/13/dynamic-malware-analysis-with-remnux-v5-part-1/">http://countuponsecurity.com/2015/01/13/dynamic-malware-analysis-with-remnux-v5-part-1/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>iftop: display bandwidth usage on an interface<br><a target="_blank" href="http://www.ex-parrot.com/pdw/iftop/">http://www.ex-parrot.com/pdw/iftop/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Powershell and Windows RAW SOCKET<br><a target="_blank" href="http://x0day.me/index.php/archives/powershell-and-windows-raw-socket.html">http://x0day.me/index.php/archives/powershell-and-windows-raw-socket.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>zxcvbn: realistic password strength estimation<br><a target="_blank" href="https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/">https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>亿级用户下的新浪微博平台架构<br><a target="_blank" href="http://blog.jobbole.com/83459/">http://blog.jobbole.com/83459/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>linux symbolic link attack tutorial<br><a target="_blank" href="http://xteam.baidu.com/?p=175">http://xteam.baidu.com/?p=175</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/47">SecWiki周刊(第47期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
